Results 1 to 9 of 9
  1. #1

    t-dialin.net <-- how can I block them

    p508C695F.dip.t-dialin.net[80.140.105.95]

    So I'm getting a lot of attacks from different ip addresses from t-dialin.net similar to what I posted above. What I want to know is how can I find out all of the t-dialin.net ip pools so I can drop them all using iptables?

  2. #2
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    8,910
    http://www.ripe.net/perl/whois?form_..._search=Search

    According to RIPE, they own: 80.128.0.0 - 80.146.159.255

  3. #3
    Join Date
    Nov 2002
    Location
    Hot, hot Michigan...
    Posts
    3,506
    Yup, we've seen lots of sweeps from this provider in particular - mostly using nessus to scan repeatedly.

    Bootssir - located in theplanet? Wondering if they're scanning all of theplanets ranges..

  4. #4
    Join Date
    Jun 2003
    Posts
    961
    the address space is owned by Deutsche Telekom AG.
    Its dialup address space, ripe netname is DTAG-DIAL[number]
    e.g. DTAG-DIAL1
    http://www.ripe.net/perl/whois?form_...ext=DTAG-DIAL1
    if you want to block all dialup ipranges from this provider, ripe dtag-dial1 till dial18 and use iptables with -j DROP or REJECT option.

  5. #5
    Join Date
    Jul 2002
    Location
    UK
    Posts
    2,026
    If you block t-dialin.net, you're blocking Germany's #1 ISP from your servers. The number of attacks is probably because of the vast number of users of the service.
    Gone.

  6. #6
    Originally posted by thedavid
    Yup, we've seen lots of sweeps from this provider in particular - mostly using nessus to scan repeatedly.

    Bootssir - located in theplanet? Wondering if they're scanning all of theplanets ranges..
    Yes, I am on The Planet

  7. #7
    Originally posted by phision.com
    If you block t-dialin.net, you're blocking Germany's #1 ISP from your servers. The number of attacks is probably because of the vast number of users of the service.

    Yeah, I was thinking that. I hate blocking entire ISP's but I also like to take a proactive approach when protecting my servers.

  8. #8
    Join Date
    Apr 2002
    Location
    Southampton, UK
    Posts
    1,023
    Originally posted by BootsSiR
    Yeah, I was thinking that. I hate blocking entire ISP's but I also like to take a proactive approach when protecting my servers.
    A few T-dialin users seem to be spoiling the service for the rest of the population all over the internet. A smallish amount of users on T-dialin have been abusing QuakeNET (world's largest IRC network) and got the entire domain banned.
    Regards,
    Stephen Marsh

    UrbanServers.com - Premium UK SSD Virtual Servers

  9. #9
    yeah, that sure sucks to be a legit user when your ISP is loaded with script kiddies and wannabe hackers.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •